[tor-bugs] #4583 [Tor Bridge]: Implement certificate start time fuzzing (part of proposal 179)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Nov 26 22:30:16 UTC 2011
#4583: Implement certificate start time fuzzing (part of proposal 179)
------------------------+---------------------------------------------------
Reporter: asn | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Bridge | Version:
Keywords: | Parent: #3972
Points: | Actualpoints:
------------------------+---------------------------------------------------
Implement fuzzing of the certificate's 'notBefore' field, so that it's not
so apparent that we are creating new certs every 2 hours.
Jake's code generated an 18-bits random number and substracted it from
time(NULL). This approach fuzzes 'notBefore' for a maximum of 72 hours
approx.
Do we like it? Should we increase it? Should we decrease it? Is there
anything we should be careful with, when increasing/decreasing the fuzzing
factor?
Since our new advertised MAX_SSL_LIFETIME is 1 year, I would incerase the
fuzzing factor, even allowing our maximum fuzzing to be a month or so.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4583>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list